Newsletter | Develop Site

Ubercart sub-modules - Multiple Vulnerabilities

* Advisory ID: DRUPAL-SA-CONTRIB-2010-083
* Project: UC2Checkout, UCPaypal, UC Cart LInks (third-party modules in the
Ubercart Project)
* Version: 5.x, 6.x
* Date: 2010-Aug-11
* Security risk: Critical
* Exploitable from: Remote
* Vulnerability: Access Bypass, Cross Site Request Forgery

-------- DESCRIPTION
---------------------------------------------------------

Language English

SEO [en:field:taxonomy_vocabulary_4:book:label]:

Ubercart sub-modules

Tags [en:field:taxonomy_vocabulary_3:book:label]:

Multiple Vulnerabilities

Taxonomy upgrade extras [en:field:taxonomyextra:book:label]:

Newsletter

Read more about Ubercart sub-modules - Multiple Vulnerabilities
Log in or register to post comments

Print - Local file read access

* Advisory ID: DRUPAL-SA-CONTRIB-2010-082
* Project: Printer, e-mail and PDF versions (third-party module)
* Version: 5.x, 6.x
* Date: 2010-August-11
* Security risk: Critical
* Exploitable from: Remote
* Vulnerability: Local file read access

-------- DESCRIPTION
---------------------------------------------------------

Language English

SEO [en:field:taxonomy_vocabulary_4:book:label]:

Tags [en:field:taxonomy_vocabulary_3:book:label]:

Local file read access

Taxonomy upgrade extras [en:field:taxonomyextra:book:label]:

Newsletter

Read more about Print - Local file read access
Log in or register to post comments

FileField Sources - Arbitrary Code Execution

* Advisory ID: DRUPAL-SA-CONTRIB-2010-081
* Project: FileField Sources (third-party module)
* Version: 6.x
* Date: 2010-May-19
* Security risk: Critical
* Exploitable from: Remote
* Vulnerability: Arbitrary Code Execution

-------- DESCRIPTION
---------------------------------------------------------

Language English

SEO [en:field:taxonomy_vocabulary_4:book:label]:

FileField Sources

Tags [en:field:taxonomy_vocabulary_3:book:label]:

Arbitrary Code Execution

Taxonomy upgrade extras [en:field:taxonomyextra:book:label]:

Newsletter

Read more about FileField Sources - Arbitrary Code Execution
Log in or register to post comments

New ATutor 2.0 Modules

August 11, 2010

Three new modules for ATutor 2.0 were release today. They can be downloaded from the ATutor module site at the link below, or they can be imported directly from atutor.ca using the ATutor administrator's Module Manager. For more about modules, or to download them, visit:

http://www.atutor.ca/atutor/modules/index.php

*New ATutor Modules*

*Assignment Drop Box*

Language English

SEO [en:field:taxonomy_vocabulary_4:book:label]:

Atutor

Tags [en:field:taxonomy_vocabulary_3:book:label]:

e-learning

Taxonomy upgrade extras [en:field:taxonomyextra:book:label]:

Newsletter

Read more about New ATutor 2.0 Modules
Log in or register to post comments

Kaltura - Information disclosure

* Advisory ID: DRUPAL-SA-CONTRIB-2010-078
* Project: Kaltura (third-party module)
* Versions: 5.x, 6.x
* Date: 2010-July-28
* Security risk: Less Critical
* Exploitable from: Remote
* Vulnerability: Information disclosure

-------- DESCRIPTION
---------------------------------------------------------

Language English

SEO [en:field:taxonomy_vocabulary_4:book:label]:

kaltura

Tags [en:field:taxonomy_vocabulary_3:book:label]:

drupal

kaltura

Taxonomy upgrade extras [en:field:taxonomyextra:book:label]:

Newsletter

Read more about Kaltura - Information disclosure
Log in or register to post comments

ATutor 2.0 Released

July 6, 2010

ATutor 2.0 has now been released. This version has some significant new features and represents a change of direction for ATutor software from its LMS roots to a collection of tools for developing online classrooms. ATutor administrators should upgrade their systems at their earliest convenience.

Follow these links for addition details, and read below for a list of new features.

*ATutor 2.0 Demo*
http://www.atutor.ca/atutor/demo.php

Language English

SEO [en:field:taxonomy_vocabulary_4:book:label]:

e-learning

Tags [en:field:taxonomy_vocabulary_3:book:label]:

e-learning

Taxonomy upgrade extras [en:field:taxonomyextra:book:label]:

Newsletter

Read more about ATutor 2.0 Released
Log in or register to post comments

Drupal Upgrading

UPGRADING
---------

Prior to upgrading, you should ensure that:

* Your system meets or exceeds Drupal's minimum requirements as shown at
http://drupal.org/requirements.
* You have a backup of all your relevant data (#1).
* Custom and contributed modules have been checked for compatibility (#11).
* Custom and contributed themes have been checked for compatibility (#11).
* You have read through this entire document.

Let's begin!

Language English

Newsletter [en:field:taxonomy_vocabulary_2:story:label]:

Newsletter

SEO [en:field:taxonomy_vocabulary_4:story:label]:

drupal

Tags [en:field:taxonomy_vocabulary_3:story:label]:

drupal

upgrade

Taxonomy upgrade extras [en:field:taxonomyextra:story:label]:

upgrade

Read more about Drupal Upgrading

Joomla Security News

Project: Joomla!

Language English

Newsletter [en:field:taxonomy_vocabulary_2:story:label]:

Newsletter

SEO [en:field:taxonomy_vocabulary_4:story:label]:

security

Read more about Joomla Security News
Log in or register to post comments

SA-CONTRIB-2010-061 - AddonChat - Multiple Vulnerabilities

* Advisory ID: DRUPAL-SA-CONTRIB-2010-061
* Project: AddonChat (third-party module)
* Version: 6.x-1.x
* Date: 2010-May-26
* Security risk: Highly Critical
* Exploitable from: Remote
* Vulnerability: Multiple (Privilege Escalation, Cross-site scripting)

DESCRIPTION

The AddonChat module provides Drupal integration with the AddonChat Java chat
room.

Due to unsafe handling of the global $user object, failed authentication at
the custom addonchat_auth.php script will log in an attacker as the chosen
user.

Language English

Newsletter [en:field:taxonomy_vocabulary_2:story:label]:

Newsletter

SEO [en:field:taxonomy_vocabulary_4:story:label]:

vulnerabilities

Tags [en:field:taxonomy_vocabulary_3:story:label]:

security